Jürgen Großmann
01 January 2017
31 December 2019
Introduction
In recent years the ICT market has evolved toward a cloud-based approach. This shift together with the rapidly changing legal and regulatory landscape has heavily impacted security assurance, governance and compliance. The information security market players have tried to provide suitable solutions to cope with issues such as
In the certification space this has resulted in the creation of several schemes, which creates an additional problem: the proliferation of certification schemes. The EU-SEC project will improve the effectiveness and efficiency of existing approaches for assurance and compliance. The EU-SEC aims to create a framework under which existing certification and assurance approaches can co-exist.
The three core ideas behind the EU-SEC project are that an effective and efficient approach to trust, assurance and compliance has to:
The EU-SEC framework will equip stakeholders in the ICT security ecosystem with a validated governance structure, a reference architecture, and the corresponding set of tools to improve the efficiency and effectiveness of their current approach to security governance, risk management, assurance and compliance. The EU-SEC aims to enhance trustworthiness and transparency in the ICT supply chain through business cases developed and piloted by industrial partners.
Standardisation
Framework for multiparty recognition between trustworthy cloud services security certification: The framework defines the principles, criteria, processes and technical capabilities for the mutual recognition between various national, international and sector-specific cloud security certifications and attestations.
Continuous Auditing based security certification for trustworthy cloud services: Continuous auditing-based certification relies on tools, methods and processes that allow the security properties of cloud services to be checked with a frequency that depends on the service level/qualitative objectives (SLO & SQO) agreed upon between the parties. EU-SEC aims to enhance trustworthiness and transparency in the ICT supply chain through business cases developed and piloted by industrial partners.